ZT Browser Update Log

New and improved:

• The kernel has been upgraded to Chromium version 137, supporting post-quantum cryptography hybrid protocol HTTPS encryption;
• Websites that support post-quantum cryptography algorithms will display a Q icon next to padlock in the address bar and displays "Quantum-Safe";
• Included trusted roots: ZoTrus and CerSign G2 roots, DFCA SM2 root, NMGSCA SM2 root;
• Support trusting SM2 root CA certificates imported by users, and support trusting RSA root CA certificates imported in Windows;
• Update the Website Trusted Identity Validation Service;
• Improve the patch of Windows SM2 algorithm support.

Bug fixed:

• Fixed few minor bugs.

New and improved:

• Improve the display information of ZoTrus Gateway WAF Service icon;
• Change the way to patch Windows with commercial cryptographic algorithm: do not patch it in upgrade, but only the new installation;
• Optimize the certificate chain validation algorithm for PDF Reader to verify document signing certificates and timestamping certificates;
• Improve the display information of the Website Trusted Identity Validation Service icon.

Bug fixed:

• Fixed few minor bugs.

New and improved:

• Support ZoTrus Gateway to customize the Gateway WAF identifier for customers, support Chinese identifier and improve the verification mechanism;
• Improve the patch of Windows SM2 algorithm support.

Bug fixed:

• Fixed few minor bugs.

New and improved:

• Patching for Windows supports the SM2 algorithm,so that Windows can view and verify the SM2 algorithm digital certificate normally,and display the certification path of the SM2 algorithm digital certificate normally;
• Improving the verification method of the SM2 SSL certificate to better be compatible with some websites that do not have the intermediate root certificate installed correctly,and improve the user experience.

Bug fixed:

• Fixed few minor bugs.

New and improved:

• Verify and trust the intranet SSL certificates issued by the included CerSign and ZoTrus intranet root CA certificates, including SM2 intranet SSL certificates and RSA intranet SSL certificates, according to the "CA Requirements for Issuing Intranet SSL Certificates" rules formulated by ZoTrus Trusted Root Program.
• It supports verification of SM2 Certificate Transparency Log SCT data embedded in the RSA algorithm SSL certificate, this is the first in the world to support both RSA/ECC/SM2 three-algorithm SSL certificate embedded SM2 algorithm certificate transparency log SCT data and RSA/ECC algorithm SSL certificate embedded ECC algorithm certificate transparency log SCT data.

Bug fixed:

• Fixed few minor bugs.

New and improved:

• Support client certificate authentication, including SM2 USB Key certificates and RSA client certificates. The first phase supports the SM2 USB Key certificates issued by Guizhou CA (tested and verified), NetCA (tested and verified), BJCA, SZCA and CTI CA

Bug fixed:

• Fixed few minor bugs.

New and improved:

• Added 3 WAF service provider identifiers, including the built-in WAF service of ZoTrus SM2 HTTPS Automation Gateway.
• Improve the Certificate Transparency display in Developer Tools, and completely display the SM2 Certificate Transparent Log information in the SM2 SSL certificates.

Bug fixed:

• Fixed the issue that the PDF reader could not recognize some non-standard signature formats.
• A misspelling of a word in the English menu.

New and improved:

• 3 China DNS providers have been added to the Secure DNS option, specially one SM2 DoH service has been added.
• Provide a new installer that is more user-friendly, separating the installer from the upgrade program.
• Included and trusted 4 SM2 algorithm root CA certificates and 4 RSA algorithm root certificates.
• Automatically install 4 RSA algorithm root CA certificates to the Windows trusted root certificate store.

Bug fixed:

• None.

New and improved:

• Modify all "国密" to "商密", "GMSSL" to "SMSSL".
• Improve the handling of “Not secure” warnings.

Bug fixed:

• PDF document signature time display format.
• Minor adjustments to some functions.

New and improved:

• The built-in PDF reader verifies document digital signatures in real time and displays the trusted identity of the signer.
• Improve document signature verification.

Bug fixed:

• Minor adjustments to some functions.

New and improved:

• Turn off all Chromium Experiments, including automatically enabling HTTPS.
• If there is an issue with SM2 SSL certificate deployed on the website, it will automatically switch to the RSA/ECC SSL certificate to implement https encryption.
• Unsafe elements that are not serious in the web content will no longer prompt “Not secure”.
• “Developer Tools – Security” modification of SM2 HTTPS Algorithm details.

Bug fixed:

• Automatic update issue of Website Trusted Certification Database.
• When the certificate viewer saves the .com domain name certificate, the certificate file is .crt instead of .com.
• Minor adjustments to other functions.

New and improved:

• The kernel is upgraded from Chromium 97 to version 114.
• Improved and optimized the SM2 HTTPS encryption algorithm, making the SM2 https encryption fast.
• Modify the SM2 SSL certificate type identification rules, and identify the certificate type according to the SSL certificate type OID.
• Modified the validity period rules of the SM2 SSL certificate, referring to international standards, and no longer trust the SM2 SSL certificate with a period of more than one year.
• Adjusted the certificate transparency UI, added certificate transparency information display under the padlock, and support and diaplay both international certificate transparency and SM2 certificate transparency.

Bug fixed:

• Minor adjustments to other functions.
• Fix the issue that the address bar information is not displayed clearly in dark mode.

New and improved:

• Add Guizhou CA and China Unicom CA SM2 root certificates to trust store.
• Improve the certificate chain selection path, giving priority to displaying the latest signed root certificate.

Bug fixed:

• The problem of crashing when accessing certain websites after setting up a local proxy on Windows.
• The problem of automatic update of the Website Trusted Certification Database.
• Minor adjustments to other functions.

New and improved:

• Add Beijing CA SM2 root certificate to trust store.
• Improve the automatic upgrade mechanism of browser software and website trusted certification database.

Bug fixed:

• Some websites do not deploy the SM2t intermediate root certificate and the AIA is inaccessible, causing the browser to crash.
• The website does not deploy the SM2 intermediate root certificate, which causes the SM2 CT information not be displayed.
• Minor adjustments to other functions.

New and improved:

• Add Nanjing CA SM2 root certificate to trust store.
• All DV SSL certificates valid for less than 100 days will no longer display the padlock unless the domain name has applied for trusted identity certification.
• All SSL certificates issued by SwissSign no longer display any icon in the address bar.

New and improved:

• Support SM2 certificate transparency, includes and trust 3 ZoTrus SM2 Certificate Transparency Log Systems.
• Added new SM2 root CA certificates including ZoTrus, CerSign and Sichuan CA.
• Added the SM2 SCT info in the SM2 encryption icon.

Bug fixed:

• Cannot automatically change algorithm to re-handshake with web server when the website SM2 SSL certificate is expired but the RSA SSL certificate is not expired.
• Some menu modification and adjustment.

New and improved:

• automatic download and update function;
• automatic update of website trusted identity validation database;
• increase certificate algorithm score in security rating.

Bug fixed:

• Modified “Chromium” displayed in some menus to “ZT Browser”;
• Retry one more time in the handshake for SM2 SSL certificate.